Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The."— Presentation transcript:

1 1 Intro To Encryption Exercise 11

2 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The requirements for the games are  Privacy of the choice (i.e. when someone chooses, the other party does not know his choice)  Non repudiation of the choice (i.e. when someone chooses, he can’t change his decision later) Assume: known public keys for parties: e A, s A, e B,s B (for encryption, signature by Alice, Bob)

3 3 Solution – choice phase Use Encrypt-Then-Sign scheme, i.e. sign the encrypted value. Alice’s playout  Alice picks ephemeral PKCS keys e temp,d temp  Alice’s choice is denoted as C a (“ P”, “R” or “S”)  Alice choice: Sign sA (Enc etemp (C a ),e temp ). Same goes for Bob.

4 4 Solution – Verification Phase Alice provides  C A, randomness used for encryption  Why do we need to use randomized encryption? Bob’s verification  Ver vA (Enc etemp (C A ),e temp ) If C A >C B (when > represents better) then Alice wins, otherwise Bob wins.

5 5 Problem Why does Alice (and Bob) sign their public keys as well? Isn’t it sufficient to sign the encryption?

6 6 Solution No!!! From the lecture:  Anderson and Needham [AN95] Key-spoofing attacks against EtS Recipient chooses (special?) public encryption key e Such that for some m, m’, e’ holds: E e’ (m’)=E e (m) E.g. RSA: m’=m e/e’ m’ e’ =m e With CRT, can compute e’ for any m, m’, e `Collision` of encryption (inputs: public key and data) Signing the public key ensures that this key was used and no other key.

7 7 Problem Suggest a way for independent parties to share keys for sessions. The parties may hold a long term key with only one party, for each other parties they can’t hold/generate a long term/short term key. The parties may trust some other parties. You may NOT use DH/RSA.

8 8 Solution Use a key distribution center for generating the keys. Each entity trusts the KDC and holds a symmetrical key with him. The KDC shall generate the keys. Example:  Party A wishes to communicate with party B.  A’s key is K A, B’s key is K B. The keys are shared with the KDC only.

9 9 Solution KDC generates a key K AB KDC transmits the keys using  ENC KA (K AB ) to A  ENC KB (K AB ) to B

10 10 Problem What about authentication? Should we use the same keys for encryption and authentication? How may we derive keys for authentication?

11 11 Solution The use of MAC is required for authentication. We MUST NOT use same keys for MAC and ENC (possible key/message exposure) We MAY Derive keys as follows  PRF KA (“Encryption”) for encryption  PRF KA (“Authentication”) for authentication

12 12 Problem How may you refresh the keys of the KDC (and clients) to provide proactive security such that all clients are synchronized and their keys are refreshed?

13 13 Solution We may use forward secrecy  At period t+1 client A shall replace his key K A likewise PRF KA (“Refresh”||t+1)  The same shall be with the KDC (same protocol) For each K i in { A, B, …} do  PRF Ki (“Refresh”||t+1) done

14 14 Problem Does this solution provide forward secrecy? How would you change the protocol to accommodate the requirements for forward secrecy?

15 15 Solution Using DH methods Generate p a large prime and g a generator. User A shall generate a number a and g a which shall be his private and public numbers. The KDC shall generate a number ka and g ka for each of the clients. The protocol  Use DH between the client and server to generate the new keys Show the protocol including authentication to provide secure key refresh without eve performing a man in the middle attack or discover the new key.

16 16 Problem What may be the problem with a central KDC?

17 17 Solution Performace may decrease when clients increase. Especially when multicast clients are present Security may be a very big issue (single point of failure, master keys recovery).

18 18 Problem How should you improve performance? Is replication a good performance improvement? How does it affects security?

19 19 Solution A naïve approach may be to replicate the KDC This may solve some performance issues when done properly This may decrease security because of multiple exact copies of the same information.

Download ppt "1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Digital Signatures and applications Math 7290CryptographySu07.

Digital Signatures and applications Math 7290CryptographySu07.
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Homework #4 Solutions Brian A. LaMacchia Portions © 2002-2006, Brian A. LaMacchia. This material is provided without.

Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Similar presentations

Ads by Google